par Pouyanrad, Sepideh;Mühlberg, Jan Tobias 
;Joosen, Wouter
Référence (August 25 - 28, 2020: Virtual Event Ireland), ARES '20: Proceedings of the 15th International Conference on Availability, Reliability and Security, Association for Computing Machinery, New York, NY, United States, page (1-10)
Publication Publié, 2020
;Joosen, WouterRéférence (August 25 - 28, 2020: Virtual Event Ireland), ARES '20: Proceedings of the 15th International Conference on Availability, Reliability and Security, Association for Computing Machinery, New York, NY, United States, page (1-10)
Publication Publié, 2020
Publication dans des actes
| Résumé : | Information leakage through side-channels poses a serious threat to the security of distributed systems. Recent research on countermeasures against side-channel attacks show that, on embedded platforms with predictable execution times, certain classes of these vulnerabilities can be detected and mitigated automatically by means of language-based security techniques. In this paper, we propose a security type system to statically analyse MSP430 assembly programs to detecting information leakage through novel interrupt-latency attacks (a.k.a. Nemesis), timing side-channels, and undesired information flow. We have implemented our technique in a tool, Side Channel FinderMSP, which automatically verifies MSP430 object-code programs to be free of such vulnerabilities. We evaluate the effectiveness of our tool by applying it to a representative set of vulnerable and benign programs. Our experiments demonstrate that the tool is both effective in detecting vulnerabilities, and scalable to realistic applications. |
